OSINT Cheat Sheet

In this section, we are sharing some OSINT methods which can be used into gathering useful information on a granular basis. This reconnaissance techniques enable analyst to categorize threat level , to get specific host / IP geolocation and specific information.

Deep dive into People Investigations

Gathering recon at personal level seems to offensive but it depends if you are conducting to trace Hacker / malicious entity. Most of the times during analysis, we encountered with some specific usernames, email addresses encoded in the malware payload which demands if we try to recon some patterns. Below mentioned websites, search engines are being used by intelligence agencies for years for tracing activities.

Usernames search on internet

Username search analysis can be helpful in tracing personal activities into various social campaigns and determining individual’s behaviour trend analysis. Just to mention User Behaviour Analysis is now being considered as a important crtiteria by various corporate organisations in tracing out insiders threat.

E-mail Search services

This section focuses mostly on preventive basis as compaired to offensive one. Most of the times, we are getting news like some millions usernames got hacked and suggested to change passwords. Some of these techniques used to locate if individual’s email is inside Hacked Database. Also on the other side, it is also valuable in tracing malware author activities.

fbStalker – OSINT tool for Facebook – Based on Facebook Graph and other stuff
geoStalker – OSINT tool for Geolocation related sources – Flickr, Instagram, Twitter, Wigle.
The userIDs found is used to find social media accounts across other networks like Facebook, Youtube, Instagram, Google+, Linkedin and Google Search.